Update to Bitcoin Client Fixes DoS Bug, Password Strength

The developers behind Bitcoin-QT, a software wallet used to protect and back up Bitcoin currency, have pushed out a new version of the client that fixes a critical denial-of-service bug, addresses three security issues and fortifies password security.

Version 0.8.4 of the original Bitcoin client was posted to SourceForge early this morning, and anyone running an out-of-date version is being instructed to update, either by running the Windows installer or by copying over the new code on Mac and Linux builds.

According to the update summary, an attacker could have sent a series of messages that would’ve resulted in an integer division-by-zero error in the Bloom filter handling code. This DoS bug would’ve forced versions 0.8.0 through 0.8.3 of the program to crash. Bloom filters are probabilistic data structures used to test set membership; here they help send only relevant transactions to lightweight clients.

The update also adds a constant-time algorithm to check RPC password guess attempts (CVE-2013-4165) and a fix for the fill-memory-with-orphan-transactions attack (CVE-2013-4627) that was opened to new vectors of attack by a previous buggy patch.
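An added example, not code from the Bitcoin project or from the update summary: it shows why an early-exit comparison reveals how many leading characters of a password guess are correct, and how a constant-time comparison removes that signal. The function names and the sample password are constructed for illustration, and the byte counter stands in for elapsed time.

```cpp
#include <cstddef>
#include <initializer_list>
#include <iostream>
#include <string>

// Early-exit comparison: the pattern a constant-time check replaces.
// `steps` counts bytes examined, a deterministic stand-in for elapsed time.
bool leaky_equal(const std::string& guess, const std::string& secret, std::size_t& steps) {
    steps = 0;
    if (guess.size() != secret.size()) return false;
    for (std::size_t i = 0; i < secret.size(); ++i) {
        ++steps;
        if (guess[i] != secret[i]) return false;  // stops at the first wrong byte
    }
    return true;
}

// Constant-time comparison: the amount of work depends only on the length of
// the guess, never on the position of the first mismatch.
bool constant_time_equal(const std::string& guess, const std::string& secret, std::size_t& steps) {
    steps = 0;
    if (secret.empty()) return guess.empty();
    // A length mismatch is folded into the accumulator instead of returning early.
    std::size_t diff = guess.size() ^ secret.size();
    for (std::size_t i = 0; i < guess.size(); ++i) {
        ++steps;
        diff |= static_cast<unsigned char>(guess[i]) ^
                static_cast<unsigned char>(secret[i % secret.size()]);
    }
    return diff == 0;
}

// Helpers that expose the work done per comparison.
std::size_t leaky_steps(const std::string& g, const std::string& s) {
    std::size_t n = 0; leaky_equal(g, s, n); return n;
}
std::size_t constant_steps(const std::string& g, const std::string& s) {
    std::size_t n = 0; constant_time_equal(g, s, n); return n;
}

int main() {
    const std::string secret = "s3cretpw";  // constructed sample password
    for (const char* g : {"xxxxxxxx", "s3crxxxx", "s3cretpw"})
        std::cout << g << " leaky=" << leaky_steps(g, secret)
                  << " constant=" << constant_steps(g, secret) << "\n";
}
```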

Bitcoin-QT is the oldest bitcoin client and is often referred to as the gold standard or backbone of the popular, decentralized network. The currency’s website touts Bitcoin-QT as having the “highest levels of security, privacy, and stability,” and users trumpet the service because they can control their own security keys and they’re seen as a node in the network.

Bitcoin, the decentralized virtual currency that popped into the cultural mainstream this summer, has already proved a popular target for attackers. Hackers knocked the Mt. Gox trading exchange offline in April, while the dangers of conducting transactions on Android devices were illuminated just last month.

About Chris Brook

"Distrust and caution are the parents of security" - Benjamin Franklin
